How to configure a CI/CD Deployment service

Continuous Integration/Continuous Delivery is a powerful addition to your development workflow. CI/CD automates deployment of commits that have passed tests and been merged into the deployment branch.

The basic principles

When a build completes successully on the CI service, it needs to send a signal to the Control Panel to start the deployment. Typically this would be with the command:

divio project deploy --remote-id <website id>

where the <website id> is as shown in its Divio Control Panel dashboard URL.

The Divio CLI will need to be installed in the environment that executes this command, and to be authenticated with the Control Panel.

An example using Travis CI

In this example we will use Travis CI as an example, though Circle CI, Jenkins and other services will work just as well, and the principles are the same.

Connect your project to the CI service

For Travis, this means activating the project in your Travis account settings (https://travis-ci.org/account/repositories).

Your project needs a .travis.yml file, which depending on the project might look something like:

language: python

python:
  - 3.5

sudo: false

install:
  - pip install isort flake8

script:
  - flake8 --max-line-length=200

Triggering the deployment on success

When a build is successful, we need Travis to log in as a Divio Cloud user and execute some steps in the after_success section of the file:

  • install the Divio CLI
  • log in
  • run a divio project deploy command, using your project’s website id

Authentication

To log in, Travis needs to provide your Divio Cloud authentication token.

Never include security keys in plain text

The token must never be included in plain text in the repository. Instead, you need to use an encrypted version. We recommend creating a Divio Cloud account specifically for using with Travis, so that you can more easily manage and revoke access.

You can encrypt your token using Travis’s encrypt tool. Once you have obtained the encrypted token, you can add the following to the travis.yml file:

after_success:
   - pip install divio-cli
   - divio login <encrypted token>
   - divio project deploy --remote-id <website id>

You could also run:

travis encrypt TOKEN="secretvalue" --add

which will add something like:

env:
  global:
    secure: EsKcqn4H0EBqZhEts [...] X6klJCNI=

to the file, and make $TOKEN available as an environment variable. So you would then use:

- divio login $TOKEN

in the file.

Using the deployment API directly

The Divio CLI is the most elegant way of interacting with the Control Panel for deployment, but if desired, you can also use the API directly:

curl -X POST --data 'stage=<env-slug>' --header "Authorization: Basic <encrypted token>" https://control.divio.com/api/v1/website/<website id>/deploy/

Caveats

  • Multiple successive pull requests could lead to a race condition, depending on the order in which they arrive, in which a successful CI build triggers a deployment that then prevents the next build from deploying.
  • If the CI job finishes very fast, it could trigger a deployment on the server before the Control Panel has had time to pull the changes to be deployed.